Self-employed targeted in latest HMRC phishing scam

Self-employed professionals utilising the Self-Employment Income Support Scheme (SEISS) are the latest target of cyber-criminals.

Entrepreneurs and sole traders taking advantage of the Government’s SEISS are being urged to remain vigilant with their sensitive personal and financial data, due to the proliferation of a phishing scam by fraudsters purporting to be HM Revenue and Customs (HMRC).

Discovered by litigation firm Griffin Law, this latest phishing sting commences with an SMS message distributed to self-employed professionals. The text appears to be sent by HMRC, informing individuals they are eligible for a tax rebate.

The message directs individuals to a phishing site named https://hmrefund.com. At face value, the website appears a carbon copy of the official HMRC Government portal.

Once on the fake site, users are directed to complete a form to ‘submit’ their application for a tax rebate. They must provide their email address, postcode and HMRC log-in information – none of which would ordinarily be required for a legitimate tax rebate.

The form then calculates a fake rebate figure, before asking individuals to input their debit or credit card details to have the rebate processed into their bank account.

It’s not the first time in recent weeks that phishing scams have been uncovered during the coronavirus crisis, with fraudsters having posed as the World Health Organization (WHO) too.

With Chancellor Rishi Sunak extending SEISS for a second one-off grant in August, the self-employed are being urged to be mindful that they are a target for fraudsters amid the COVID-19 uncertainty.

Chris Ross, senior vice-president of cyber security firm Barracuda Networks, said: “This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the COVID-19 outbreak.

“We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.

“Tackling this growing threat requires businesses to have the necessary security systems in place to identify suspicious emails and texts, as well as warning employees to remain vigilant against requests for private information from unverified sites and URLs, often sent to their phone.

“All it takes is one mistake and cyber criminals could get hold of the full details of a company credit card and bank account, causing serious problems for business owners in a particularly tough time.”

Unsure whether an HMRC communication is legitimate?

If you have any doubt about the legitimacy of communications purporting to be from HMRC, please don’t hesitate to get in touch with us. Our friendly, experienced team knows what HMRC do and don’t require from you to process a legitimate tax rebate.

Call us today on 01226 449554 or complete our online enquiry form and we’ll be in touch as soon as possible.


For our latest COVID-19 news and guidance for your business, visit our dedicated Coronavirus Hub.
We will be updating it regularly as we continue to monitor and digest all the latest information

Last updated: 28th November 2023